HP Portal Crowdsources Security Threat Intelligence

HP Tuesday announced a number of new and updated security offerings, including its first-ever next-generation firewall, as well as HP Threat Central, which is the company's first-ever crowdsourced portal designed for sharing real-time information on online attacks.

HP Threat Central will allow "vetted and correlated threat intelligence" from HP and selected partners to be disseminated via an online portal, where participants can also discuss and comment on information, said Art Gilliland, senior VP and general manager of HP's enterprise security products, speaking by phone. Related threat intelligence can also be piped directly into HP ArcSight for mitigating related attacks.

"The things that have been blocking threat sharing: one is trust, and the other is you have to take the data and analyze it yourself," Gilliland said.

On the analysis tip, information from HP Threat Central -- which is currently being beta tested by a group of HP ArcSight customers -- will be in Structured Threat Information eXpression (STIX) language format, and can be obtained using the Trusted Automated eXchange of Indicator Information (TAXII) message exchange service specifications. "Both of those are standards -- neither one has won yet -- being worked on by the MITRE Corporation," Gilliland said, and together they enable cross-platform threat intelligence information sharing.

Beyond Threat Central, HP also announced the debut of its first-ever next-generation firewall, which -- as defined by Gartner -- refers to "deep-packet inspection firewalls that move beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention and bringing intelligence from outside the firewall."

"We have a very good IPS system, which is essentially protecting the apps and data that sit in the data center," said Gilliland, referring to the HP TippingPoint IPS (aka intrusion prevention system). "The challenge is that the threats are now coming in and attacking the users, so these next-generation firewalls and IPS systems are, to a certain extent, converging."

HP built its next-generation firewall from scratch, using its IPS platform as a base. "Why we think we'll be quite effective at this is we are incredibly effective at blocking threats with our IPS technology, and that's one of the challenges associated with using next-generation firewalls," Gilliland said, referring to the need to not just spot attacks, but also follow through and adjust defenses throughout the enterprise infrastructure. For example, he said, HP's use of a common policy framework means that if a next-generation firewall reports an ongoing attack, TippingPoint customers can create one related security rule, then apply it to every TippingPoint device, such as to create virtual patches that lock down a vulnerability attackers might be trying to exploit.

HP also announced Tuesday that its HP BIOSphere firmware ecosystem will gain what it's dubbed "HP SureStart technology," which allows the BIOS to heal itself should it be attacked or corrupted. "The hardware will defend itself above and beyond the other types of protections you'll find on the client," Gilliland said.

Other announcements from HP, meanwhile, included a continuous vulnerability monitoring service for U.S. government agencies, plus new enterprise managed security service capabilities, including better distributed denial of service (DDoS) attack detection and mitigation, as well as new bring-your-own-device (BYOD) and mobility services.

The self-healing BIOS is all new. Isn't necessarily defending against real-world attacks, but I think it's interesting nonetheless.

As noted by Marcia, HP is very late to the next-gen firewall game, which has multiple well-regarded players already. HP's play is that IT managers will prefer one throat to choke, and benefit from having an easier-to-manage security infrastructure. That's the pitch.

On the threat intelligence sharing front, meanwhile, it's still early days for all concerned, as the yet-to-be-decided MITRE information-sharing standards suggest. Furthermore, there are steep cultural and business barriers today that prevent the easy sharing of threat intelligence. HP is arguably putting a stake in the ground, but whether businesses buy in -- either to its next-gen firewall, or vision for crowdsourced threat intelligence sharing -- remains to be seen.